IPv6 Firewall and routing

I got my Turris Omnia up and running, port forwards work for my server.

I am connected through Comcast in San Francisco, and they have been running IPv6 for a year.

My server and laptop are configured to use ipv6, they get a fully qualified ipv6 address, which can be pinged from the outside, if i surf to a ‘what-is-my-ip-site’ it shows the ipv6 address of my laptop, not of my router. But a portscan show all ports as Filtered.

I want port 22 and 80 to be open.

How do i do that? N00b on ipv6…

Incoming IPv6 is blocked by default except ICMP. See the answer below and adopt similar rules for your deployment.